lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 23 Jan 2016 18:45:25 -0800
From:	Eric Dumazet <edumazet@...gle.com>
To:	Kui Zhang <kuizhang@...il.com>
Cc:	Eric Dumazet <eric.dumazet@...il.com>,
	David Miller <davem@...emloft.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: connection failure after "tcp: remove max_qlen_log"

On Sat, Jan 23, 2016 at 6:08 PM, Kui Zhang <kuizhang@...il.com> wrote:
> Per man page, listen(fd, 0) is valid.
>
> A  backlog  argument  of  0 may allow the socket to accept
> connections, in which case the length of the listen queue may be set
> to an implementation-defined minimum value.
>
> http://pubs.opengroup.org/onlinepubs/009695399/functions/listen.html
>

It is perfectly valid, as you pointed out, to set the implementation
defined minimum to 0.

Since you do not want to depend on some magic number, just set the
backlog to 1, or even better 1000



Linux man page :


       int listen(int sockfd, int backlog);

DESCRIPTION
       listen() marks the socket referred to by sockfd as a passive
socket, that is, as a socket that will be used
       to accept incoming connection requests using accept(2).

       The sockfd argument is a file descriptor that refers to a
socket of type SOCK_STREAM or SOCK_SEQPACKET.

       The backlog argument defines the maximum length to which the
queue of pending connections  for  sockfd  may
       grow.   If  a  connection  request  arrives when the queue is
full, the client may receive an error with an
       indication of ECONNREFUSED or, if the underlying protocol
supports  retransmission,  the  request  may  be
       ignored so that a later reattempt at connection succeeds.

maximum length = 0

For the second problem it was already fixed.

commit acb4a6bfc80ddeea4c44074dd630f916259e909e
Author: Eric Dumazet <edumazet@...gle.com>
Date:   Tue Oct 6 14:49:58 2015 -0700

    tcp: ensure prior synack rtx behavior with small backlogs

    Some applications use a listen() backlog of 1.
-----------------------------------------------------------------------------------------------


Setting the backlog to 0 is a way to not accept connections, while
still keeping the port bound.

A listener is now able to temporarily not accept new flows.


If you want to accept connections, just set the backlog to something reasonable.

As a bonus, your daemon will not reject a connection attempt just
because few SYN_RECV sockets are waiting for the 3rd packet of 3WHS,
when dealing with large RTT.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ